66.96.147.118 Threat Intelligence and Host Information
ipinfopage
General
This page contains threat intelligence information for the IPv4 address 66.96.147.118 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
🔴 High Risk — 78/100
Geographic Location
Host and Network Information
- View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
- Country: United States
- Noticed: 9 times
- Protocols Attacked: SSH
- Countries Attacked: United States of America
- Open Ports: 110, 143, 21, 2222, 25, 443, 465, 587, 80, 993, 995
- Tor Node: No
- Associated Malware Samples: 111
Tags
- aaaa
- aaaa nxdomain
- abcd
- abuse
- admin country
- adobe
- adobe reader
- a domains
- alerts
- all scoreblue
- amazon02
- analysis date
- anomalous file
- antivirus
- a nxdomain
- apple
- apple remote
- apple spy
- as14870 flexera
- as15293
- as16276
- as17667
- as19527 google
- as19905
- as21342
- as22612
- as37153
- as397240
- as44273 host
- as49505
- as54113
- as706
- ascii text
- asnone united
- auto-generated security
- av detections
- billing country
- blind install
- body
- canada unknown
- certificate
- china
- ck id
- click
- cloudflare
- cname
- cobalt strike
- code
- components
- content type
- copy
- creation date
- csc corporate
- cve cve20020013
- cve overview
- dark
- data redacted
- date
- date app
- delete c
- discord bots
- dns replication
- dnssec
- dod
- domain
- domains
- domain status
- dynadot llc
- dynamic
- dynamicloader
- eeg
- encrypt
- enterprise
- entity
- entries
- execution
- expiration
- expiration date
- exploits
- explorer
- fake date
- ff6633
- filehash
- files
- file score
- first
- for privacy
- framing
- france unknown
- fuck
- fuck team
- gmt content
- government
- health law
- high
- hilgraeve
- historical ssl
- hitmen
- hostname
- hybrid
- ibm
- ids detections
- incorporated
- infrastructure
- installs
- internalname
- ipv4
- june
- killers
- language
- legalcopyright
- level3
- lineargradient
- local
- malicious ids
- malvertising
- malware
- mask
- medium
- memcommit
- meta
- mitre att
- moved
- name servers
- newstopics
- next
- ns nxdomain
- nxdomain
- orbiters
- oval oval
- passive dns
- path
- pattern match
- persistence
- png image
- protos
- providers
- pulse pulses
- pulse submit
- quasi
- rask
- read
- read c
- record type
- record value
- redacted for
- referrer
- refresh
- registrant fax
- registrant name
- registrar abuse
- registrar url
- registry domain
- rgba
- russia unknown
- scaleway
- scan endpoints
- script urls
- scroll
- search
- server
- servers
- shadow
- show
- showing
- show technique
- south africa
- stalkers
- state server
- status
- stop
- strings
- submitters
- suspicious
- targeted
- teenfuckers.com
- teen porn
- threat network
- time
- time stamping
- title
- tls sni
- total
- trojan
- ttl value
- tucows
- ualberta tld
- united
- unknown
- url analysis
- urls
- usa taiwan
- utc submissions
- vercel x
- virgin islands
- vulnerabilities
- whitelisted
- whois lookup
- win32trickler
- write
- write c
- x force
- yara detections
- zeppelin20
- ウェアラブル
- 心電
- 猫耳
- 脳波
MITRE ATT&CK TTPs
- T1056.001 - Keylogging
- T1060 - Registry Run Keys / Startup Folder
- T1068 - Exploitation for Privilege Escalation
- T1071.001 - Web Protocols
- T1071.004 - DNS
- T1071 - Application Layer Protocol
- T1082 - System Information Discovery
- T1105 - Ingress Tool Transfer
- T1112 - Modify Registry
- T1118 - InstallUtil
- T1443 - Remotely Install Application
- T1478 - Install Insecure or Malicious Configuration
- T1528 - Steal Application Access Token
- T1539 - Steal Web Session Cookie
- T1553.002 - Code Signing
- T1553 - Subvert Trust Controls
- T1568.002 - Domain Generation Algorithms
- T1568 - Dynamic Resolution
- T1583.001 - Domains
- T1583 - Acquire Infrastructure
- T1589 - Gather Victim Identity Information
- T1590 - Gather Victim Network Information
- T1591 - Gather Victim Org Information
- TA0003 - Persistence
- TA0011 - Command and Control
Associated CVEs
- CVE-2015-9251
Passive DNS
- curewars2.org
Attack Log References
Whois Information
NetRange: 66.96.128.0 - 66.96.191.255
CIDR: 66.96.128.0/18
NetName: BIZLAND-FC01
NetHandle: NET-66-96-128-0-1
Parent: NET66 (NET-66-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Newfold Digital, Inc. (EIG-12)
RegDate: 2001-04-03
Updated: 2012-03-02
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
Ref: https://rdap.arin.net/registry/ip/66.96.128.0
OrgName: Newfold Digital, Inc.
OrgId: EIG-12
Address: 5535 Gate Parkway
City: Jacksonville
StateProv: FL
PostalCode: 32256
Country: US
RegDate: 2005-02-07
Updated: 2025-07-23
Ref: https://rdap.arin.net/registry/entity/EIG-12
OrgNOCHandle: ENO74-ARIN
OrgNOCName: EIG Network Operations
OrgNOCPhone: +1-877-659-6181
OrgNOCEmail: eig-net-team@endurance.com
OrgNOCRef: https://rdap.arin.net/registry/entity/ENO74-ARIN
OrgTechHandle: ENO74-ARIN
OrgTechName: EIG Network Operations
OrgTechPhone: +1-877-659-6181
OrgTechEmail: eig-net-team@endurance.com
OrgTechRef: https://rdap.arin.net/registry/entity/ENO74-ARIN
OrgAbuseHandle: EIGAB1-ARIN
OrgAbuseName: EIG-Abuse Mitigation
OrgAbusePhone: +1-877-659-6181
OrgAbuseEmail: IARPOC@Newfold.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/EIGAB1-ARIN